1. Field of the Invention
The invention relates generally to methods of accessing a secure computer system. More particularly, this invention relates to a method and system for authenticating identity of a user before accessing a computer system.
2. Description of the Related Art
In today""s information age, a user is generally required to execute or pass some form of a security step, such as entering a private identification code or password, to access a computer system. As the computer stored information or application becomes more sensitive or valuable, greater security measures are desired to verify the identity and legitimacy of the user before allowing access to the computer system that contains such information or application. The use of a password alone, however, has become less reliable to authenticate the user. The reduced reliability of using a password alone has been due to a computer hacker""s ability to locate, copy, or electronically identify or track the required password using specialized software programs. In some cases, computer hackers are simply able to obtain the user""s password by exercising duress or force. Accordingly, the use of a password alone to authenticate the user for access to the computer system has not been very reliable.
Instead of or in combination with entering a password, some computer systems are designed to authenticate the user by requiring the user to turn a conventional key or swipe a machine readable card. These techniques, however, are still subject to the same weaknesses as those identified for using a password. Recently, some computer makers considered using the user""s fingerprint to authenticate and grant access to the computer system. In such a system, a peripheral device, such as a mouse, includes a fingerprint acquisition module that provides to the computer a signal representative of the fingerprint of the user. The computer compares the user""s fingerprint signal to a list of signals stored in its memory. If the user""s fingerprint signal matches a signal that is stored in the computer memory, the user is granted access to the computer system, otherwise access is denied. For further details about such computer system, reference is made to U.S. Pat. No. 5,838,306 issued to O""Connor et al. on Nov. 17, 1998, which is incorporated in its entirety by reference. Using a fingerprint is still not immune to the computer hacker""s ability to force the user to place his/her finger on the acquisition device. Moreover, a sophisticated computer hacker may be able to copy the user""s fingerprint and provide a simulated signal to the computer system to obtain access.
Therefore, the above-described authentication techniques do not overcome a computer hacker""s ability to access the computer by forcing the user to enter a password, turn a key, swipe a card, or place the user""s finger on a fingerprint acquisition device. There is a need in the computer technology to provide an implicit authentication technique that is immune to force or theft by computer hackers.
To overcome the above-mentioned limitations, the invention provides a method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match.
The system comprises a user interface configured to communicate security information and an implicit input to the computer. The system further comprises a compare circuit that is operationally coupled to the user interface. The compare circuit is configured to determine whether the security information and implicit input match corresponding information associated""with the user. The system further comprises a process circuit that is operationally coupled to the compare circuit. The process circuit is configured to grant the user access to the computer in the event of a satisfactory match. In another embodiment, the system comprises means for interfacing the user with the computer. The interfacing means is configured to communicate security information and an implicit input to the computer. The system further comprises means, operationally coupled to the interfacing means, for comparing the security information and implicit input with corresponding information associated with the user. The system further comprises means, operationally coupled to the comparing means, for processing the compared information and granting the user access to the computer in the event of a satisfactory match.